Privacy Policy

Effective Date: 03 June 2025

Last Updated: 03 June 2025

1. Introduction & Who We Are

Welcome to ReplicaPixel! This Privacy Policy explains how ReplicaPixel" ("we", "us", "our") collects, uses, shares, and protects your personal information when you use our AI content generation application "ReplicaPixel" (the "Service"), available through our website https://replicapixel.com and potentially associated applications. This includes information processed when you use features like Google OAuth2 for authentication or to interact with Google services through our application.

ReplicaPixel, located at Rotterdam, The Netherlands, is the Data Controller responsible for the processing of your personal data under the General Data Protection Regulation (GDPR).

Our commitment is to protect your privacy and handle your data responsibly and transparently. Our primary goals in processing personal information include:

Providing, operating, and maintaining the ReplicaPixel Service, including AI content generation based on your inputs.
Managing your user account (which may include authentication via Google OAuth2), processing payments (if applicable), and providing customer support.
Improving and personalizing the Service, including enhancing our AI models (often using anonymized or aggregated data).
Ensuring the security and integrity of our Service.
Complying with legal obligations, including those related to data accessed via Google APIs, and communicating with you about the Service.

We adhere to GDPR, the Google API Services User Data Policy (see Section 14), and other relevant regulations to protect your data against unauthorized access, disclosure, alteration, and destruction.

We do not currently have a designated Data Protection Officer (DPO). For any privacy-related questions or requests, please contact us at:
Email: support@"ReplicaPixel.com

Your privacy is our priority. This commitment extends to our collaboration with third-party services involved in delivering ReplicaPixel.

2. Scope of this Policy

This policy applies to all personal data processed by ReplicaPixel in relation to your use of the ReplicaPixel Service, including data collected via our website, the application itself, data obtained through Google OAuth2 mechanisms (if you choose to use them), and communications with us. It covers website visitors, registered users, subscribers, and anyone interacting with the Service.

3. Information We Collect

We collect different types of information depending on how you interact with ReplicaPixel:

3.1. Information You Provide Directly

Account Information: When you register, we collect information such as your name, email address, and password. If you register or log in using Google OAuth2, we will collect information as described in Section 3.4.
Payment Information: If you subscribe to paid features, we (or our third-party payment processor) collect billing details like your name, address, and payment card information. We do not store your full payment card details ourselves.
Input Data: We collect the prompts, text descriptions, images, or other data you provide as input to generate content using ReplicaPixel's AI features (e.g., Lora models). This may include data you authorize us to access from your Google services (see Section 3.4).
Communications: If you contact us for support or feedback, we collect the information contained in your communications (e.g., email content, support ticket details).

3.2. Information Collected Automatically

Usage Data: Information about how you interact with the Service, such as features used, content generated, time spent, clicks, settings preferences, and error logs.
Device and Connection Information: Technical data including your IP address, browser type and version, operating system, device identifiers (where applicable), and general location derived from your IP address.
Cookies and Tracking Technologies: We use cookies and similar technologies to operate the Service, understand usage, and for analytics. See Section 9 ("Cookies") for details.

3.4. Information Received via Google OAuth2 (If Applicable)

If you choose to connect your Google account to our Service using OAuth2 (e.g., for signing in or accessing Google services like Google Drive), we will collect and process information from Google based on the permissions you grant. This may include:

Your basic Google profile information: This includes your email address, full name, and profile picture URL. We use this for account creation, authentication, and to personalize your experience within ReplicaPixel.
If you connect Google Drive:
- To allow you to use files from your Google Drive as input, we may access the names, identifiers, and content of specific files you explicitly select within our application. This access is typically read-only for the selected files.
- To allow you to save generated content to your Google Drive, we may require permission to create new files in a location you specify within your Google Drive.
The specific data accessed and the permissions requested will be clearly presented to you during the Google OAuth2 consent process. We only access data that is necessary for the functionality you choose to use.

Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements (see Section 14).

4. How We Use Your Information & Legal Basis (GDPR)

We process your personal data based on specific legal grounds under GDPR:

To Provide and Manage the Service (Legal Basis: Art. 6(1)(b) GDPR - Performance of Contract):
- Creating and managing your user account, including authentication using credentials you create or via Google OAuth2.
- Processing your input data (including any data accessed via Google APIs with your consent) to generate requested AI content (images, videos).
- Delivering the generated content to you.
- Processing payments and managing subscriptions.
- Providing customer support and responding to inquiries.
- How we use Google data accessed via OAuth2: If you choose to register or sign in using your Google account, we access your Google basic profile information for authentication purposes. Specifically, we retrieve your Email address, Full Name, and Profile Picture from Google. This information is used solely to:
 - Create and manage your user account on ReplicaPixel.
 - Pre-fill your account details (name and email) within our Service.
 - Display your name and profile picture within your user account on ReplicaPixel, should you choose to use the Google-provided picture.
 We do not access any other Google services or data beyond this basic profile information for authentication. The data used for AI content generation within ReplicaPixel is provided directly by you and is separate from the data obtained through Google OAuth2 for authentication.
To Improve and Develop the Service (Legal Basis: Art. 6(1)(f) GDPR - Legitimate Interests):
- Analyzing usage patterns to understand user needs and enhance features (Usage Data).
- Improving the performance, accuracy, and safety of our AI models. This may involve analyzing Input Data (including data accessed via Google APIs if used for model training, which requires explicit disclosure and compliance with Limited Use) and Generated Content, typically in an anonymized or aggregated form where feasible. Our legitimate interest is in providing a better, safer, and more effective Service.
- Troubleshooting and debugging issues.
For Security and Compliance (Legal Basis: Art. 6(1)(f) GDPR - Legitimate Interests; Art. 6(1)(c) GDPR - Legal Obligation):
- Protecting the security and integrity of our Service, preventing fraud and abuse (Usage Data, Device Info).
- Complying with applicable laws, regulations, and legal processes, including requirements from Google regarding API usage.
For Communication & Marketing (Legal Basis: Art. 6(1)(a) GDPR - Consent; Art. 6(1)(f) GDPR - Legitimate Interests):
- Sending important service-related communications (e.g., account updates, security alerts) (Legitimate Interest/Contract).
- Sending promotional communications or newsletters *if* you have opted-in (Consent). You can opt-out at any time.

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following limited circumstances:

5.1. Third-Party Service Providers (Subprocessors)

We engage trusted third-party companies and individuals to perform services on our behalf (e.g., payment processing, data hosting, analytics, security, customer support, AI infrastructure). These subprocessors only have access to the personal data necessary to perform their tasks and are contractually obligated (via Data Processing Agreements - DPAs where required by GDPR) to protect your data and use it solely for the purposes we specify.

Key categories of subprocessors may include:

Service Name / Category	Provider (Example/Actual)	Purpose(s)	Potential Personal Data Types Processed	Privacy Policy Link / Location
Payment Processing	Stripe, Inc.	Processing subscription payments, fraud prevention.	Name, Email, Billing Address, Payment Method Information (partial, tokenized), Purchase History, IP Address.	Stripe Privacy Policy
Cloud Hosting & Infrastructure (Primary Application)	Hetzner Online GmbH	Hosting the ReplicaPixel application, database management.	Account Info, Usage Data, IP Addresses (in logs).	Hetzner Privacy Policy
Object Storage (e.g., for user uploads, generated content)	Amazon Web Services EMEA SARL (AWS S3)	Storing user-uploaded files, generated content (images, videos, etc.), application assets, backups.	Input Data (if directly uploaded by user), Generated Output files, User-uploaded files which may contain personal data.	AWS Privacy Notice
Email Delivery Service	Amazon Web Services EMEA SARL (AWS SES)	Sending transactional emails (e.g., account verification, password resets, important service notifications) and marketing emails (with consent).	Email Address, Name (if used in email personalization), content of emails (which might include personal data if relevant to the communication), IP address (for email delivery tracking).	AWS Privacy Notice
AI Model Infrastructure	fal - Features & Labels Inc	Running the AI models for content generation.	Input Data (prompts), potentially Usage Data (for optimisation). Anonymization applied where possible.	fal.ai Privacy Policy
Analytics	Google Ireland Limited (Google Analytics)	Understanding website/app usage, improving user experience, performance tracking.	IP Address (often anonymized), Device/Browser Information, Interaction Logs (clicks, pages visited, time spent), Approximate Location (IP-based), User ID (if implemented).	Google Privacy Policy
Security / CDN	Cloudflare, Inc.	Website security, performance optimization (CDN), bot protection.	IP Address, Security Logs, Device/Browser Information (for challenges).	Cloudflare Privacy Policy
Advertising / Marketing Pixels (If Used)	Meta Platforms Ireland Ltd. (Meta Pixel)	Tracking ad campaign effectiveness, remarketing (if consent given), website analytics.	IP Address, Device/Browser Information, Interaction Logs (pages visited, actions taken), Email/User ID (if matched via hashing, with consent).	Meta Privacy Policy
Customer Support Platform	Zendesk	Managing support tickets and communications.	Name, Email, Communication History, Account Info (as needed for support).	Zendesk Privacy Notice

5.2. Legal Requirements

We may disclose your information if required by law, subpoena, or other legal process, or if we have a good faith belief that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

5.3. Business Transfers

In the event of a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction or proceeding involving ReplicaPixel, your information may be transferred as part of that transaction, subject to standard confidentiality arrangements.

5.4. Handling of Google User Data

Notwithstanding anything else in this Privacy Policy, if you provide ReplicaPixel access to your Google user data (specifically, your email address, full name, and profile picture obtained through Google Sign-In for authentication purposes), our use of that data will be subject to these additional restrictions:

The App will only use the accessed Google basic profile information (email address, full name, profile picture) to authenticate you, create your account within ReplicaPixel, and pre-fill your profile details as described in Section 3.4 and Section 4.
We will not transfer this Google-sourced basic profile information to others unless doing so is necessary to provide and improve these authentication and account management features (e.g., to our backend service providers strictly for these purposes, under confidentiality obligations), to comply with applicable law, or as part of a merger, acquisition, or sale of assets (with notice to you).
The App will not use this Google-sourced basic profile information for serving advertisements.
The App will not allow humans to read this Google-sourced basic profile information unless:
- We have your affirmative agreement for a specific, legitimate purpose (e.g., assisting with an account issue you reported).
- Doing so is necessary for security purposes such as investigating abuse.
- To comply with applicable law.
- For the App's internal operations (e.g., customer support, troubleshooting) related to your account, and even then only when the data is directly relevant to the operation and access is limited and logged.
Our use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements (see Section 14 for more details).

To be clear, ReplicaPixel does not access sensitive Google scopes like Gmail content or Google Drive files through the OAuth2 authentication process. The data used for AI content generation is provided directly by you and is distinct from the Google basic profile information used for authentication.

6. International Data Transfers

Your personal information may be transferred to, and processed in, countries other than the country in which you reside. These countries may have data protection laws that are different from the laws of your country (particularly if you are in the EU/EEA).

Specifically, some of our third-party service providers (as listed in Section 5) may be located outside the European Economic Area (EEA), for example, in the United States.

Where we transfer your personal data outside the EEA, we take appropriate safeguards to ensure your data receives an adequate level of protection. This typically includes relying on:

An adequacy decision by the European Commission confirming the country provides adequate protection.
Standard Contractual Clauses (SCCs) approved by the European Commission, implemented between us and the third-party provider.
For transfers to the U.S., we may rely on providers certified under the EU-U.S. Data Privacy Framework (or its successor) or utilize SCCs.

Our primary servers for the ReplicaPixel application are located in: the European Union, Helsinki, Finland.

7. Data Storage and Protection

Data Security Measures:

We implement appropriate technical and organizational security measures designed to protect your personal data, including any data accessed via Google APIs, against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include:

Encryption: Using encryption (e.g., TLS/SSL) for data in transit and encryption for sensitive data at rest.
Access Control: Limiting access to personal data to authorized personnel with a legitimate need to know, based on roles and responsibilities, and in accordance with policies such as Google's Limited Use requirements.
Security Audits and Monitoring: Regularly reviewing our security practices and monitoring systems for potential vulnerabilities and attacks.
Secure Development Practices:Incorporating security considerations into our software development lifecycle.

However, please note that no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, and for providing and improving the Service.

To determine the appropriate retention period, we consider:

The amount, nature, and sensitivity of the personal data.
The potential risk of harm from unauthorized use or disclosure.
The purposes for which we process the data (including the purpose of authentication using Google basic profile information if you choose to use Google Sign-In) and whether we can achieve those purposes through other means.
Applicable legal requirements (e.g., financial record retention periods) and any specific retention requirements from services like Google for basic profile data accessed via their APIs for authentication.

Generally:

Account Information (including Google-derived basic profile data such as your email, name, and profile picture, if you sign in with Google): Retained for as long as your account is active with ReplicaPixel and for a reasonable period thereafter (e.g., to allow for account reactivation, to address post-termination queries, or as required by law).
Input Data (provided directly by you for AI generation) & Generated Output: May be retained as necessary to provide the Service to you (e.g., allowing you to access your past generations) and potentially for model improvement (often anonymized or aggregated, and subject to your consent where applicable, such as in our model consent policy). You may have options within ReplicaPixel to delete specific inputs and/or outputs. [User Action: Clarify if users can delete their input/output, e.g., "You can delete your generated content and associated inputs directly from your account dashboard."]
Usage Data:Often retained for a specific period (e.g., 12-24 months) for analysis to improve our Service, and then may be aggregated or deleted.
Billing Information (if applicable):Retained according to legal requirements for financial records.

You can request the deletion of your account and associated personal data, including any basic profile data retrieved from Google services for authentication, subject to the rights outlined in Section 10. We will also delete your Google user data (email, name, profile picture used for authentication) upon your request to delete your account, or if it's no longer needed for the stated purpose of account management and authentication.

9. Cookies and Tracking Technologies

We use cookies (small text files stored on your device) and similar tracking technologies (like web beacons or pixels) on our website and within the ReplicaPixel application.

Types of Cookies We Use:

Strictly Necessary Cookies: Essential for the operation of the Service (e.g., authentication, security, session management). These cannot be disabled. (Legal Basis: Contract/Legitimate Interest).
Performance and Analytics Cookies: Help us understand how users interact with the Service, measure performance, and identify areas for improvement (e.g., Google Analytics). (Legal Basis: Consent, or Legitimate Interest with safeguards).
Functional Cookies: Enable enhanced functionality and personalization (e.g., remembering preferences). (Legal Basis: Consent).
Advertising and Targeting Cookies: Used by us or third parties (like Meta) to deliver relevant advertising, measure campaign effectiveness, and track users across websites (if applicable). (Legal Basis: Consent).

Your Choices and Consent:

When you first visit our website or use the app where non-essential cookies are used, we will request your consent via a cookie banner or similar mechanism. You can manage your preferences and withdraw consent at any time through our cookie settings tool or your browser settings.

For more detailed information about the specific cookies we use, their purposes, and how to manage them, please see our separate Cookie Policy.

10. Your Data Protection Rights (GDPR)

If you are located in the European Economic Area (EEA) or UK, you have the following rights regarding your personal data:

Right of Access (Article 15 GDPR): To request access to the personal information we hold about you, including any data obtained from Google.
Right to Rectification (Article 16 GDPR): To request correction of inaccurate or incomplete data.
Right to Erasure ('Right to be Forgotten') (Article 17 GDPR): To request deletion of your personal data under certain conditions. This includes data obtained via Google OAuth2.
Right to Restriction of Processing (Article 18 GDPR): To request restriction of processing under certain conditions.
Right to Data Portability (Article 20 GDPR): To receive your data in a machine-readable format and transmit it to another controller.
Right to Object (Article 21 GDPR): To object to processing based on legitimate interests or for direct marketing.
Right to Withdraw Consent (Article 7(3) GDPR): To withdraw consent at any time where processing is based on consent (including consent for accessing Google data), without affecting prior lawful processing. You can also typically manage or revoke Google's access to your data via your Google Account security settings page.
Right to Lodge a Complaint (Article 77 GDPR): To lodge a complaint with your local supervisory authority (Data Protection Authority) if you believe our processing infringes GDPR.

Exercising Your Rights:

To exercise these rights, including requesting deletion of your data (including Google-sourced data), please contact us using the details in Section 1 ("Introduction & Who We Are") or Section 13 ("Contact Us"). We will respond within the timeframes required by GDPR (typically one month), potentially after verifying your identity.

11. Children's Privacy

The ReplicaPixel Service is not intended for or directed at children under the age of 16 (or a higher age if stipulated by local law). We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to remove that information from our servers.

12. Policy Updates and Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements (including changes to Google's API policies), or other factors. When we make significant changes, we will notify you through the Service (e.g., via a notification within the app or website) or by email, and we will update the "Last Updated" date at the top of this policy.

We encourage you to review this policy periodically to stay informed about how we protect your information.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, our data practices, or our handling of Google user data, please contact us:

ReplicaPixel
Rotterdam, The Netherlands
Email: support@replicapixel.com

14. Google API Services User Data Policy Compliance

Our use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, , including the Limited Use requirements.

This means that any data obtained via Google APIs (such as your basic profile information from Google Sign-In, which includes your email address, name, and profile picture, if you choose to use this authentication method) is handled with strict limitations:

Purpose Limitation: We only request access to the Google user data (email, name, profile picture) that is essential for providing and improving the user-facing authentication and account management features of ReplicaPixel. These features are prominent in the application's user interface. The specific data requested and its use are described in Section 3.4 and Section 4 of this policy and will be clearly presented to you during the OAuth consent flow.
No Sale of Data: We do not sell your Google user data.
No Use for Advertising: We do not use or transfer your Google user data for serving advertisements, including personalized, re-targeted, or interest-based advertising.
Limited Transfer: We will not transfer your Google user data to others unless it is:
- Necessary to provide or improve the authentication and account management features visible in ReplicaPixel's user interface (and you have consented to this by choosing to sign in with Google). This may include sharing with our necessary service providers under strict confidentiality agreements for these specific purposes.
- To comply with applicable laws.
- As part of a merger, acquisition, or sale of assets of Jissicko Software (with prior notice to you).
- Necessary for security purposes (e.g., investigating abuse related to account access).
No Human Reading (unless exceptions apply): We do not allow humans to read your Google user data (email, name, profile picture) unless:
- We have your affirmative consent for specific data related to a support request or account issue you've raised.
- It is necessary for security purposes (e.g., investigating account abuse).
- To comply with applicable laws.
- The data is used for internal operations directly related to managing your account or providing support, and access is limited, logged, and directly relevant to the operation.
Secure Data Handling: We maintain robust security practices as outlined in Section 7 to protect your Google user data.

You can revoke our access to your Google data at any time via your Google account security settings page: https://myaccount.google.com/permissions. Revoking access will mean you can no longer sign in to ReplicaPixel using your Google account, though your ReplicaPixel account may persist if created, unless you also request its deletion.